Skip to content

Commit 4053189

Browse files
peterepetere
committed
Avoid potential buffer overflow crash
A pointer to a C string was treated as a pointer to a "name" datum and passed to SPI_execute_plan(). This pointer would then end up being passed through datumCopy(), which would try to copy the entire 64 bytes of name data, thus running past the end of the C string. Fix by converting the string to a proper name structure. Found by LLVM AddressSanitizer.
1 parent f19e92e commit 4053189

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

src/backend/utils/adt/ruleutils.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -632,7 +632,7 @@ pg_get_viewdef_worker(Oid viewoid, int prettyFlags, int wrapColumn)
632632
* Get the pg_rewrite tuple for the view's SELECT rule
633633
*/
634634
args[0] = ObjectIdGetDatum(viewoid);
635-
args[1] = PointerGetDatum(ViewSelectRuleName);
635+
args[1] = DirectFunctionCall1(namein, CStringGetDatum(ViewSelectRuleName));
636636
nulls[0] = ' ';
637637
nulls[1] = ' ';
638638
spirc = SPI_execute_plan(plan_getviewrule, args, nulls, true, 2);

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy